Using keytool or installing certificate in java

Posted: August 8, 2013 by Narendra Shah in Uncategorized
Tags: , , , ,

When ever we have integration with webservices or other server, where java/tomcat process interacts using https protocol, we need to install certificate for the same. This is common requirement where certificate expires or not able to find valid certificates, We get below like below exception. To fix this issue we can use keytool utility to register certificate.

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)

Steps to install certificate in java store.

1. Get certificate files(usually .crt file.). We can open the url in firefox / chrome and then click on https/certificate, it will display more information-> Security tab-> View Certificate button -> Details Tab->export and save file with some name with .crt extension(example.crt).

2. As an example java is installed on (/usr/jdk), run following command to see already existing certificates.

/usr/jdk/bin/keytool -list -keystore “/usr/jdk/jre/lib/security/cacerts”

It will ask password, default password is changeit

2. Install certificate with following command.

/usr/jdk/bin/keytool -import -noprompt -trustcacerts -alias mysite -file  example.crt -keystore  “/usr/jdk/jre/lib/security/cacerts”  -storepass changeit

Thats it certificate will be installed in your java process. and restart the server, every thing will be good now.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s